[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: disposable remailers (was Re: Eternity Uncensorable?)





Andy Dustman <[email protected]> writes:
> On Thu, 7 Aug 1997, Adam Back wrote:
> 
> > You know how middleman operators work...  they always, always send
> > mail via another remailer and never deliver mail to a user.  (I'm not
> > sure if they detect this by looking to see if the address is on the
> > remailer list, or just always add an extra hop?)
> 
> I think by definition a middleman always chains through one or more
> additional remailers. When I ran dustbin, it was a "smart middleman",
> i.e., if the recipient was a known remailer, it wouldn't bother to chain
> (remailers rarely complain), otherwise it would chain through a single
> remailer. 

OK, so as you're the first person to implement a smart middleman I
guess that defines the terminology :-)

middleman
  "always adds another hop through a random remailer"

smart middleman
  "posts through remailer when asked to deliver to anybody other than
   a known remailer"

Wasn't there for a time a hidden middleman.  That is a middleman
remailer who's published address was a nym account on a nymserver?
That'd be a "hidden middleman".

> An even smarter middleman would detect PGP messages and deliver those
> directly to end recipients, since those people are unlikely to complain
> about anonymous mail, and chain if the message was plaintext. The risk
> involved with this type of middleman operation should be rather small.

Yep.

Dimitri suggested on cypherpunks in the last round of discussion of
this sort of thing another variation on that -- that you could deliver
the mail if the person had a PGP public key on the keyservers --
whether the email was encrypted or not.  On the assumption that people
who use PGP would be unlikley to complain of anonymous mail.

He also suggested beefing up keyserver submission checks (there are
none right now) so that you need a replyable address to submit a key,
otherwise the remailer-baiter just posts a key generated with their
"victim's" email address on it prior to sending to them.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`